The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws
Local File Inclusion

In some cases, include files are loaded on the basis of user-controllable data, but it is not possible to specify a URL to a file on an external server. For example, if user-controllable data is passed to the ASP function Server.Execute, then an attacker may be able to cause an arbitrary ASP script to be executed, provided that this script belongs to the same application as the one that is calling the function.

In this situation, you may still be able to exploit the application's behavior to perform unauthorized actions:

■ There may be server-executable files on the server that you cannot access through the normal route. For example, any requests to the path /admin may be blocked through application-wide access controls. If you can cause sensitive functionality to be included into a page that you are authorized to access, then you may be able to gain access to that functionality.

■ There may be static resources on the server that are similarly protected from direct access. If you can cause these to be dynamically included into other application pages, then the execution environment will typically simply copy the contents of the static resource into its response.
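The two bullets above describe the same root cause from the attacker's side: the application-wide access control looks only at the request path, while the include mechanism resolves a second, user-controlled path that the access control never sees. The following is an added example, not code from the book, that models this in Python rather than ASP. The application tree, the /admin access rule, the request format and the helper names (front_door, include_vulnerable, include_hardened, handle_request) are all constructed for the illustration; Server.Execute is stood in for by a function that resolves any file inside the web root.

```python
"""Added example (not from the book): a route-level access control that is
bypassed by a user-controlled include, beside an allowlisted fix.
The application tree and names below are constructed for illustration."""
import posixpath

# Constructed application tree: path relative to the web root -> content.
# Server-executable pages are marked with ASP-style "<% ... %>" delimiters;
# anything else is a static resource.
APP_FILES = {
    "index.asp": "<% home page %>",
    "help/faq.asp": "<% public FAQ %>",
    "admin/users.asp": "<% list all users, reset passwords %>",
    "admin/db.config": "dsn=sqlserver://app:S3cret@db/prod",  # static, protected
}

# Application-wide rule: nothing under /admin may be requested directly.
PROTECTED_PREFIXES = ("admin/",)


class Forbidden(Exception):
    """Raised by the route-level access control."""


def front_door(path):
    """Access control applied to the *request path only*, like the
    /admin rule in the text. Returns the path relative to the web root."""
    rel = path.lstrip("/")
    if rel.startswith(PROTECTED_PREFIXES):
        raise Forbidden(path)
    return rel


def execute_page(rel):
    """Stand-in for the execution environment: executable pages are
    'run' (markers stripped and tagged), static resources are copied
    verbatim into the response, as the second bullet describes."""
    body = APP_FILES[rel]
    if body.startswith("<%") and body.endswith("%>"):
        return "[executed] " + body[2:-2].strip()
    return body


def include_vulnerable(page_param):
    """Mimics Server.Execute on user input: resolves any file inside the
    same application. Leading '/' and '..' are collapsed, so the include
    cannot leave the web root, but the /admin rule is never consulted."""
    rel = posixpath.normpath("/" + page_param).lstrip("/")
    if rel not in APP_FILES:
        raise FileNotFoundError(page_param)
    return execute_page(rel)


# Hardened form: the parameter is a key into a fixed allowlist and is
# never used as a path at all.
INCLUDABLE = {"faq": "help/faq.asp"}


def include_hardened(page_param):
    rel = INCLUDABLE.get(page_param)
    if rel is None:
        raise ValueError("unknown page: %r" % (page_param,))
    return execute_page(rel)


def handle_request(path, page=None, include=include_vulnerable):
    """GET <path>?page=<page>: enforce the route rule, render the page,
    then perform the dynamic include chosen by the 'page' parameter."""
    rel = front_door(path)
    out = execute_page(rel)
    if page is not None:
        out += "\n" + include(page)
    return out


if __name__ == "__main__":
    # Direct request is blocked by the route rule...
    try:
        handle_request("/admin/users.asp")
    except Forbidden as e:
        print("direct request blocked:", e)
    # ...but the same script and the static config are reachable through
    # an include from a page the user is allowed to view.
    print(handle_request("/index.asp", page="admin/users.asp"))
    print(handle_request("/index.asp", page="../admin/db.config"))
    # The allowlisted include rejects the same input.
    try:
        handle_request("/index.asp", page="admin/users.asp", include=include_hardened)
    except ValueError as e:
        print("hardened include rejected:", e)
```

The check a tester makes is the pair of requests in the `__main__` block: a direct request to the protected path, then an include of that same path from an authorized page. If the second succeeds where the first was blocked, the access control is attached to the route rather than to the resource, and the static-resource case (the config file) confirms that the environment copies non-executable content straight into the response.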
